Subject : Atlassian patches critical Confluence zero-day exploited in attacks
Severity : Critical (CVE-2023-22515) CVSSv3.1 Score : 9.8
Date : 2023-10-10
Information
Atlassian is an enterprise software company known for developing products focused on collaboration, productivity, and project management. The company has grown to become a global leader in providing software solutions for teams and businesses. Some of their popular products include Jira, Confluence, Trello, Bitbucket, Opsgenie, and Sourcetree. These tools are widely used by various organizations to enhance teamwork and productivity.
Incident
CVE-2023-22515 is a privilege escalation vulnerability in Confluence Data Center and Server. It is exploitable remotely over the network, has low attack complexity and requires no user interaction, which is why it carries a CVSS score of 9.8. It affects Confluence Data Center and Server versions 8.0.0 through 8.5.1; versions before 8.0.0 are not affected.
Atlassian was informed by customers that attackers had exploited a previously unknown vulnerability in internet-facing Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and gain access to those instances.
Atlassian Cloud sites are not affected by this vulnerability: Confluence sites accessed through an atlassian.net domain are hosted and patched by Atlassian.
Recommendation
Atlassian has released fixed versions that address CVE-2023-22515: 8.3.3 or later, 8.4.3 or later, and 8.5.2 (Long Term Support release) or later.
System administrators have been alerted to apply these updates urgently. If upgrading is not immediately possible, take the vulnerable instance off the internet or restrict access to it, and block access to the /setup/* endpoints of the Confluence instance (at a reverse proxy or firewall, or in the Confluence web.xml) to reduce the risk of exploitation. Because this vulnerability was exploited in the wild before a patch was available, patching alone is not enough: administrators should also check for the indicators of compromise Atlassian published, namely unexpected members of the confluence-administrators group, unexpected newly created user accounts, requests to /setup/*.action in network access logs, and the presence of /setup/setupadministrator.action in exception messages in atlassian-confluence-security.log. An instance showing any of these indicators should be treated as compromised, not merely patched.
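The following script is an added example, not code from Atlassian or from the original advisory. It applies three of the checks Atlassian recommended after CVE-2023-22515 (requests to /setup/*.action in the access log, /setup/setupadministrator.action in exception messages in the security log, and unexpected members of the confluence-administrators group) to sample data constructed inline. The access-log layout (NCSA/common format, as Tomcat usually writes it), the security-log line and the user names are assumptions made for the example; adjust the regular expression to your own log format before running it against real data.

```python
"""Hunt for the CVE-2023-22515 indicators of compromise in Confluence logs."""
import re
from dataclasses import dataclass, field

# Atlassian's guidance: on an instance that has finished setup, any request to
# a /setup/*.action path is suspicious, and exception messages mentioning
# /setup/setupadministrator.action in atlassian-confluence-security.log are
# a sign that the setup flow was reached to create an administrator account.
SETUP_ACTION = re.compile(r'"(?:GET|POST)\s+(/setup/[^\s?"]*\.action)[^"]*"')
SECURITY_LOG_IOC = "/setup/setupadministrator.action"


@dataclass
class Findings:
    setup_requests: list = field(default_factory=list)     # (client_ip, path)
    security_log_hits: list = field(default_factory=list)  # raw log lines
    unexpected_admins: list = field(default_factory=list)  # usernames


def scan_access_log(lines):
    """Return (client_ip, path) for each request whose path is /setup/*.action.

    Assumes NCSA/common log format (client IP first, request line in quotes),
    which is how a Tomcat access log is usually configured; "/setup/" buried
    deeper in a page path does not match, only a request to the setup servlet.
    """
    hits = []
    for line in lines:
        match = SETUP_ACTION.search(line)
        if match:
            hits.append((line.split()[0], match.group(1)))
    return hits


def scan_security_log(lines):
    """Return every security-log line that mentions the setup-administrator action."""
    return [line for line in lines if SECURITY_LOG_IOC in line]


def find_unexpected_admins(current_members, baseline):
    """Return confluence-administrators members absent from the known-good baseline."""
    return sorted(set(current_members) - set(baseline))


def hunt(access_log, security_log, admin_members, admin_baseline):
    """Apply all three checks and collect the results in one object."""
    return Findings(
        setup_requests=scan_access_log(access_log),
        security_log_hits=scan_security_log(security_log),
        unexpected_admins=find_unexpected_admins(admin_members, admin_baseline),
    )


# --- Constructed sample data (not real logs; formats are assumptions) --------
ACCESS_LOG = [
    '10.0.0.5 - - [03/Oct/2023:14:02:11 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 5120',
    # Benign: "/setup/" appears inside a page path, not as the servlet path.
    '10.0.0.8 - - [03/Oct/2023:14:03:30 +0000] "GET /display/DOCS/setup/guide.action HTTP/1.1" 200 4096',
    # Suspicious: the setup wizard should be unreachable after installation.
    '203.0.113.7 - - [03/Oct/2023:14:05:42 +0000] "GET /setup/setupadministrator.action HTTP/1.1" 200 2048',
    '203.0.113.7 - - [03/Oct/2023:14:05:49 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0',
]
SECURITY_LOG = [
    "2023-10-03 14:02:11,500 INFO [http-nio-8090-exec-3] [confluence.user.UserAccessor] "
    "login successful user: j.smith",
    "2023-10-03 14:05:49,120 ERROR [http-nio-8090-exec-9] [confluence.setup.SetupAdministratorAction] "
    "Exception while handling /setup/setupadministrator.action for 203.0.113.7",
]
ADMIN_MEMBERS = ["admin", "j.smith", "ops-bot"]  # current group members (constructed)
ADMIN_BASELINE = ["admin", "j.smith"]            # known-good membership (constructed)


if __name__ == "__main__":
    result = hunt(ACCESS_LOG, SECURITY_LOG, ADMIN_MEMBERS, ADMIN_BASELINE)
    for ip, path in result.setup_requests:
        print(f"[access log] {ip} requested {path}")
    for line in result.security_log_hits:
        print(f"[security log] {line}")
    for user in result.unexpected_admins:
        print(f"[admin group] unexpected member: {user}")
    if not (result.setup_requests or result.security_log_hits or result.unexpected_admins):
        print("No CVE-2023-22515 indicators found.")
```

Run against the sample data, the script reports two setup requests from 203.0.113.7, one matching security-log line, and ops-bot as an administrator not present in the baseline. The baseline comparison is the check most often skipped: an attacker-created administrator survives the upgrade, so the group membership has to be reviewed by hand against what was expected before the exposure window.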
Security monitoring remains essential: keep monitoring your systems as usual.
For more information please contact
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
061 404 5895 (Ms.Thanyakan)
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
References
– https://nvd.nist.gov/vuln/detail/CVE-2023-22515
– https://www.opencve.io/cve/CVE-2023-22515
– https://github.com/ErikWynter/CVE-2023-22515-Scan
Weekly Interesting CVE
No. | CVE | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS Rating | Detail | Solution | Ref
---|---|---|---|---|---|---|---|---|---
1 | CVE-2023-20101 | 04/10/2023 | 06/10/2023 | Cisco Emergency Responder Release 12.5(1)SU4 | Unauthenticated remote login via static root credentials | 9.8 | A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. | Cisco has released software updates that address this vulnerability; there are no workarounds. | https://nvd.nist.gov/vuln/detail/CVE-2023-20101
2 | CVE-2016-6354 | 21/09/2016 | 06/10/2023 | Flex before 2.6.1 (e.g. Debian Linux 8.0) | Heap-based buffer overflow (denial of service or possible arbitrary code execution) | 9.8 | Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. | Upgrade Flex to 2.6.1 or later; there are no workarounds. | https://nvd.nist.gov/vuln/detail/CVE-2016-6354
3 | CVE-2023-32790 | 03/10/2023 | 05/10/2023 | NXLog Manager version 5.6.5633 | Cross-Site Scripting (XSS) | 6.1 | Cross-Site Scripting (XSS) vulnerability in NXLog Manager version 5.6.5633. An attacker can inject a malicious JavaScript payload into the 'Full Name' field during a user edit, because the input parameter is not properly sanitized. | No solution has been identified at this time. | https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-nxlog-manager
4 | CVE-2023-37404 | 03/10/2023 | 05/10/2023 | IBM Observability with Instana (OnPrem) Version 1.0.243 through 1.0.254 | Remote code execution (after DNS poisoning) | 9.8 | IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. | Upgrade to version 1.0.255. | https://nvd.nist.gov/vuln/detail/CVE-2023-37404
5 | CVE-2023-44008 | 02/10/2023 | 04/10/2023 | mojoPortal v2.7.0.0 | Unrestricted file upload leading to arbitrary code execution | 9.8 | File upload vulnerability in mojoPortal v2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. | No information about possible countermeasures is known. | https://nvd.nist.gov/vuln/detail/CVE-2023-44008
Malware News or Campaign IOC/IOA
No. | Campaign Name | Detections in Thailand | Detection Date | Attack Type | Severity | Description | Mitigation/Remediation
---|---|---|---|---|---|---|---
1 | Snatch Ransomware - CISA Alert AA23-263A | 29 | 2/10/2023 | Ransomware, Tool | Medium | The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on Snatch ransomware. Since mid-2021, Snatch threat actors have been adapting their strategies to exploit current trends in cybercrime and to learn from the successes of other ransomware variants. They have focused their attacks on critical infrastructure sectors such as the Defense Industrial Base, Food and Agriculture, and Information Technology. They steal data and use double extortion as leverage: after exfiltrating data, they often communicate directly with victims to demand a ransom payment, and if the ransom is not paid they may threaten to publish the victims' data on their extortion blog. | 
20 October 2023